DETAILED ACTION

1. This Office action is in response to the Appeal Brief filed on 9/14/06. 

2. Claims 1-21 are pending. 

3. In view of the Appeal Brief filed on 9/14/06, PROSECUTION IS HEREBY 
REOPENED. New grounds of rejection are set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed
by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41.20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 

Response to Arguments

4. Applicant's arguments with respect to claims 1-21 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

5. Claims 1-3, 6, 10, 11 and 15-18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Leung USPN 6,760,444 (hereinafter Leung) in view of Marko et al. 
USPN 5,732,350. (hereinafter Marko) 

6. As per claim 1, Leung discloses a method for authenticating a roaming device 
with a network, comprising the steps of: 

a. generating, by an authentication server of the network, authentication data 
associated with the roaming device (col. 7:35-36); 

b. sending, by the authentication server, the authentication data to an access 
point of the network, the access point being connected to the authentication 
server (7:38-50); and

c. when the roaming device roams to a particular access point, using the 
authentication data to locally authenticate the roaming device at the particular 
access point. (7:50-67) 

Leung does not disclose sending the authentication data to a plurality of access points 
and storing the authentication data in the plurality of access points, such that the 
roaming device is locally authenticated at a particular access point of the plurality of 
access points. Marko discloses a method for registering a mobile station among a
plurality of base stations based upon a dynamic algorithm. When a mobile station 
approaches a cell where the mobile station is not yet registered, the mobile station 
registers with this station, whereupon a network controller automatically registers the 
mobile station with all base stations within the group defined by the cell grouping level. 
Col. 7:24-57; 8:51-9:28. This enables the mobile station to roam among a cell grouping 
without registering each time the mobile moves to a cell within the grouping. It would be 
obvious to one of ordinary skill in the art at the time the invention was made to send the 
authentication data to a plurality of access points and locally store the authentication 
data in the plurality of access points. One would be motivated to do so to reduce user 
registration traffic. Marko, col. 1:58-65; 2:36-40. The aforementioned covers the 
limitation of claim 1. 

7. As per claim 2, the rejection of claim 1 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
method further comprising the step of storing the authentication data in a memory 
arrangement of each of the access points. See Leung, col. 7:50-67; Marko, 7:24-56. 

8. As per claim 3, the rejection of claim 1 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. Leung does not 
expressly teach the authentication data is encrypted. However, it is notoriously well 
known in the art that authentication data transmitted in the clear is susceptible to sniffing 
attacks. To prevent authentication data from being stolen, these values are typically
encrypted using a shared secret between the sender and receiver. For example, in the 
RADIUS protocol, a password transmitted from a client to an authentication server is 
hidden using a shared secret. Hence, it would be obvious to one of ordinary skill in the 
art at the time the invention was made for the authentication data to be transmitted 
securely to prevent the data from being stolen as known to one of ordinary skill in the 
art. The aforementioned cover the limitations of claim 3. 

9. As per claim 6, the rejection of claim 1 under 35 U.S.C. 103(a) as being
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
method further comprising the preliminary steps of determining if the particular access 
point has authentication data associated with the roaming device; if the determination is 
positive, proceed to the step of using the authentication data to locally authenticate the 
roaming device at the particular access point; and if the determination is negative, 
proceed to the step of generating, by an authentication server of the network, 
authentication data associated with the roaming device. Leung, col. 7:10-31; 7:56-8:8. 

10. As per claim 10, Leung discloses a method for authenticating a roaming device 
with a network, comprising the steps of: 

d. connecting the roaming device with an authentication server upon a 
contact of the roaming device with a first access point of the network; 
authenticating the roaming device with the authentication server; generating 
authentication data for the roaming device; distributing, by the authentication
server, the authentication data to the first access point of the network; and locally 
authenticating the roaming device upon a contact with the first access point using 
the distributed authentication data. Col. 7:35-67. 
Leung does not disclose sending the authentication data to a second access point and 
storing the authentication data in the second access point, then locally authenticating 
the roaming device upon a contact with the second access point using the distributed
authentication data. Marko discloses a method for registering a mobile station among a 
plurality of base stations based upon a dynamic algorithm. When a mobile station 
approaches a cell where the mobile station is not yet registered, the mobile station 
registers with this station, whereupon a network controller automatically registers the 
mobile station with all base stations within the group defined by the cell grouping level. 
Col. 7:24-57; 8:51-9:28. This enables the mobile station to roam among a cell grouping 
without registering each time the mobile moves to a cell within the grouping. It would be 
obvious to one of ordinary skill in the art at the time the invention was made to send the 
authentication data to a second access point and store the authentication data in the 
second access point, then locally authenticate the roaming device upon a contact with
the second access point using the distributed authentication data. One would be
motivated to do so to reduce user registration traffic. Marko, col. 1:58-65; 2:36-40. The
aforementioned covers the limitation of claim 10.

11. As per claim 11, the rejection of claim 10 under 35 U.S.C. 103(a) as being
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
method further comprising the step of authenticating the roaming device with the 
authentication server if the local authentication of the roaming device fails. Leung, col. 
7:10-31; 7:56-8:8.

12. As per claim 15, the rejection of claim 10 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
authentication server is a remote authentication dial-in user server. Leung, col. 7:1-5. 

13. As per claim 16, Leung discloses a system for authenticating a roaming device 
with a network, comprising: 

e. an authentication server connected to the network; and first and second 
access points connected to the authentication server, the first and second access 
points being capable of communicating with the roaming device, each of the first 
and second access points including a memory arrangement capable of storing 
authentication data corresponding to the roaming device, wherein the 
authentication server sends the authentication data to the first access point upon 
an initial authentication procedure of the roaming device with the first access 
point, and wherein the first access point authenticates the roaming device upon a 
contact of the roaming device with the first access point. Col. 7:35-67. 
Leung does not disclose sending the authentication data to a second access point and
storing the authentication data in the second access point, then locally authenticating
the roaming device upon a contact with the second access point using the distributed
authentication data. Marko discloses a method for registering a mobile station among a 
plurality of base stations based upon a dynamic algorithm. When a mobile station 
approaches a cell where the mobile station is not yet registered, the mobile station 
registers with this station, whereupon a network controller automatically registers the 
mobile station with all base stations within the group defined by the cell grouping level. 
Col. 7:24-57; 8:51-9:28. This enables the mobile station to roam among a cell grouping 
without registering each time the mobile moves to a cell within the grouping. It would be 
obvious to one of ordinary skill in the art at the time the invention was made to send the 
authentication data to a second access point and store the authentication data in the 
second access point, then locally authenticate the roaming device upon a contact with
the second access point using the distributed authentication data. One would be 
motivated to do so to reduce user registration traffic. Marko, col. 1:58-65; 2:36-40. The 
aforementioned covers the limitation of claim 16. 



14. As per claim 17, the rejection of claim 16 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
second access point authenticates the roaming device with the authentication server if 
the authentication data is not found in the memory arrangement of the second access
point. Leung, col. 7:10-31; 7:56-8:8. 

15. As per claim 18, the rejection of claim 16 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
second access point authenticates the roaming device with the authentication server if 
the local authentication of the roaming device at the second access point fails. Leung, 
col. 7:10-31; 7:56-8:8. 

16. Claims 4 and 5 are rejected under 35 USC 103(a) as being unpatentable over 
Leung in view of Marko, and further in view of Ablay et al. USPN 5,408,683. (hereinafter 
Ablay) 

17. As per claim 4, the rejection of claim 3 under 35 USC 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. Leung does not 
expressly disclose using prediction algorithms to anticipate where the roaming device 
will roam to determine to which access points to send the encrypted authentication data. 
Ablay discloses a method of tracking subscribers in a networked radio communications 
system having a plurality of trunked communication networks using location information 
of the subscribers to anticipate a roaming unit's location to reduce the number of 
registrations and de-registrations of the roaming unit. Col. 5:19-60; 6:26-57. Therefore, 
it would be obvious to one of ordinary skill in the art at the time the invention was made 
to combine the teachings of Ablay with the invention of Leung and Marko to use
prediction algorithms to anticipate where the roaming device will roam to determine to 
which access points to send the encrypted authentication data. One would be 
motivated to do so to reduce the transmission overhead in keeping track of roaming 
subscribers. Ablay, 3:30-37. The aforementioned cover the limitations of claim 4. 

18. As per claim 5, the rejection of claim 4 under 35 USC 103(a) as being 
unpatentable over Leung in view of Marko and Ablay is incorporated herein. In addition, 
the limitation of sending the encrypted authentication data to all the access points is an 
obvious enhancement in view of the teaching of Ablay that a mobile unit's registration is 
maintained at all access points in the anticipated probable locations of the mobile unit. 
Ablay, col. 5:19-26. The aforementioned cover the limitations of claim 5. 

19. Claims 7, 8 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Leung in view of Marko, and further in view of Vij et al. USPN 6,452,910.
(hereinafter Vij) 

20. As per claim 7, the rejection of claim 6 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein (supra). In addition,
the step of using the authentication data to locally authenticate the roaming device 
further comprises reassociating the roaming device with the particular access point of 
the access points by providing identification information. Leung, col. 7:10-13. However, 
Leung only discloses that the roaming device provides identification, and does not
disclose that an exchange occurs between the roaming device and access points to 
reassociate. Vij discloses a management means for wireless access points wherein 
wireless devices are mutually authenticated with access points utilizing a common link 
key to verify that the wireless device is authorized to access the access point, and to 
ensure that the access point is the intended receiver. Col. 11:1-7. Therefore, it would be 
obvious to one of ordinary skill in the art at the time the invention was made for the 
reassociating to include a mutual authentication between the roaming device and the 
access point, since it is desirous to verify that the participants belong to the same local 
network. Vij, ibid. The aforementioned cover the limitations of claim 7. 

21. As per claim 8, the rejection of claim 7 under 35 U.S.C. 103(a) is incorporated
herein. In addition, the reassociating step further includes the substeps of: searching a 
memory arrangement of the particular access point for the authentication data 
associated with the roaming device; and if the authentication data is found, performing a 
mutual authentication procedure between the roaming device and the particular access 
point. Leung, col. 7:10-31; 7:56-8:8; Vij, 11:1-7. 

Application/Control Number: 10/026,043
Art Unit: 2132

22. As per claim 13, the rejection of claim 10 under 35 U.S.C. 103(a) as being
unpatentable over Leung in view of Marko is incorporated herein. In addition, Leung
discloses the locally authenticating step further includes the substeps of: providing
identification data by the roaming device to the second access point; and correlating the
identification data with the distributed authentication data. Col. 7:10-13. However, 
Leung only discloses that the roaming device provides identification, and does not 
disclose exchanging identification between the roaming device and access points to 
reassociate. Vij discloses a management means for wireless access points wherein 
wireless devices are mutually authenticated with access points using a common link key 
to verify that the wireless device is authorized to access the access point, and to ensure 
that the access point is the intended receiver. Col. 11:1-7. Therefore, it would be 
obvious to one of ordinary skill in the art at the time the invention was made for the 
reassociating to include a mutual authentication between the roaming device and the 
access point, since it is desirous to verify that the participants of a transmission belong 
to the same local network. Vij, ibid. The aforementioned cover the limitations of claim 
13. 

23. Claims 9, 12 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Leung in view of Marko, and further in view of Zhang et al. US Patent Application 
no. 20020174335 (hereinafter Zhang); RFC 2138 is incorporated to illustrate inherent 
properties of the RADIUS protocol. 

24. As per claim 9, the rejection of claim 1 under 35 U.S.C. 103(a) as being 
unpatentable over Leung in view of Marko is incorporated herein. In addition, the 
generating step further includes the steps of: receiving an authentication request from 
the roaming device; determining that the roaming device can be granted access to 
network services. Leung, col. 7:11-8:12. Leung does not expressly teach generating
an encrypted session key associated with the roaming device in the authentication 
server; wherein the authentication request is encrypted. Zhang discloses an 
authentication procedure for mobile devices designed by Cisco wherein a roaming user 
is authenticated via an access point, and uses the RADIUS protocol to authenticate the 
user to an authentication server. Upon authentication, an encrypted session key is
delivered from the authentication server to the access point and the user. (pg. 3,
paragraphs 44-46; RFC 2138, pg. 4, last sentence, section 2, the password is encrypted
using a method based on the RSA message digest algorithm MD5). Further, it is
notoriously well known that authentication data transmitted in the clear is susceptible to 
sniffing attacks; to prevent authentication data from being stolen, these values are 
typically encrypted using a shared secret between the sender and receiver. For 
example, in the RADIUS protocol, a password transmitted from a client to an 
authentication server is hidden using a shared secret. Hence, it would be obvious to 
one of ordinary skill in the art at the time the invention was made to generate an 
encrypted session key associated with the roaming device in the authentication server; 
wherein the authentication request is encrypted. One would be motivated to do so to 
securely transmit data as reflected in the RADIUS protocol and the Cisco authentication 
procedure. The aforementioned cover the limitations of claim 9. 

25. As per claims 12 and 14, the rejection of claim 10 under 35 U.S.C. 103(a) as 
being unpatentable over Leung in view of Marko is incorporated herein. In addition, 
Leung discloses the use of RADIUS protocol to authenticate the user with an
authentication server, but Leung does not expressly disclose the distribution step further 
includes the substep of distributing an encrypted session key to the first and second 
access points, the method further comprising the steps of establishing a shared secret 
encryption between the authentication server and the first and second access points. 
Zhang discloses an authentication procedure for mobile devices designed by Cisco 
wherein a roaming user is authenticated via an access point, and uses the RADIUS 
protocol to authenticate the user to an authentication server. Upon authentication, an
encrypted session key is delivered from the authentication server to the access point
and the user (pg. 3, paragraphs 44-46; RFC 2138, pg. 4, last sentence, section 2, the
password is encrypted using a method based on the RSA message digest algorithm
MD5). Further, it is notoriously well known that authentication data transmitted in the
clear is susceptible to sniffing attacks; to prevent authentication data from being stolen, 
these values are typically encrypted using a shared secret between the sender and 
receiver. Hence, it would be obvious to one of ordinary skill in the art at the time the 
invention was made for the distribution step to further include the substep of distributing 
an encrypted session key to the first and second access points, the method further 
comprising the steps of establishing a shared secret encryption between the 
authentication server and the first and second access points. One would be motivated 
to do so to securely transmit data as reflected in the RADIUS protocol and the Cisco 
authentication procedure. The aforementioned cover the limitations of claims 12 and 
14. 

26. Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leung in
view of Zhang; RFC 2138 is incorporated to illustrate inherent properties of the RADIUS 
protocol. 

27. As per claim 19, Leung discloses a method for authenticating a roaming device 
with a network, comprising the steps of: with an authentication server, receiving an 
authentication request from a roaming device; sending the authentication data to an 
access point of the network, and utilizing the authentication data to authenticate the 
roaming device at the access point. Leung does not disclose the request being 
encrypted with a first shared code; generating a session key associated with the 
roaming device; sending the session key to an access point of the network, the session 
key being encrypted with a second shared code; and utilizing the session key to 
authenticate the roaming device at the access point, and to encrypt data exchanged 
between the roaming device and the access point. Zhang discloses an authentication 
procedure for mobile devices designed by Cisco wherein a roaming user is 
authenticated via an access point, and uses the RADIUS protocol to authenticate the 
user to an authentication server. Upon authentication, an encrypted session key is
delivered from the authentication server to the access point and the user (pg. 3,
paragraphs 44-46; RFC 2138, pg. 4, last sentence, section 2, the password is encrypted
using a method based on the RSA message digest algorithm MD5). Further, it is
notoriously well known that authentication data transmitted in the clear is susceptible to
sniffing attacks; to prevent authentication data from being stolen, these values are
typically encrypted using a shared secret between the sender and receiver. For 
example, in the RADIUS protocol, a password transmitted from a client to an 
authentication server is hidden using a shared secret. Hence, it would be obvious to 
one of ordinary skill in the art at the time the invention was made for the request to be 
encrypted with a first shared code; generating a session key associated with the 
roaming device; sending the session key to an access point of the network, the session 
key being encrypted with a second shared code; and utilizing the session key to 
authenticate the roaming device at the access point, and to encrypt data exchanged 
between the roaming device and the access point. One would be motivated to do so to 
securely transmit data as reflected in the RADIUS protocol and the Cisco authentication 
procedure. The aforementioned cover the limitations of claim 19.

28. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leung in 
view of Zhang, and further in view of Marko. 

29. As per claim 20, the rejection of claim 19 under 35 U.S.C. 103(a) is incorporated 
herein. Leung does not disclose the step of sending the encrypted session key to a 
further access point of the network to authenticate the roaming device at the further 
access point. Marko discloses a method for registering a mobile station among a 
plurality of base stations based upon a dynamic algorithm. When a mobile station 
approaches a cell where the mobile station is not yet registered, the mobile station 
registers with this station, whereupon a network controller automatically registers the
mobile station with all base stations within the group defined by the cell grouping level. 
Col. 7:24-57; 8:51-9:28. This enables the mobile station to roam among a cell grouping 
without registering each time the mobile moves to a cell within the grouping. It would be 
obvious to one of ordinary skill in the art at the time the invention was made to include 
the step of sending the encrypted session key to a further access point of the network to 
authenticate the roaming device at the further access point. One would be motivated to 
do so to reduce user registration traffic. Marko, col. 1:58-65; 2:36-40. The
aforementioned cover the limitations of claim 20. 

30. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leung in 
view of Zhang, and further in view of Quick, Jr. USPN 6,178,506 (hereinafter Quick 
'506). 

31. As per claim 21, the rejection of claim 19 under 35 U.S.C. 103(a) is incorporated 
herein. In addition, Leung in view of Zhang discloses the method further comprising the 
steps of: generating a first key of the session key to perform authentication of the 
roaming device at the access point; and generating a second key of the session key to 
encrypt data exchanges between the roaming device and the access point. See Leung, 
7:50-61; see Zhang, paragraph 45. Leung does not expressly teach the first key as
being different from the second key. Quick '506 discloses an authentication method 
wherein a first portion of a session key is used for authentication and a second portion 
of the session key is used for encryption. Since the session key is larger than the
required byte size necessary for authentication, the portion not used for authentication 
is used for encryption. Col. 5:38-50. Therefore, it would be obvious to one of ordinary 
skill in the art at the time the invention was made for the first key generated from the 
session key to perform authentication and the second key generated from the session 
key to perform encryption to be different keys, since the protocols for authentication and 
encryption typically require different length keys. Quick '506, 5:45-50. The 
aforementioned cover the limitations of claim 21.

Communications Inquiry 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on 571-272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 